Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3449aca3 by security tracker role at 2025-02-21T08:12:04+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2025-27100 (lakeFS is an open-source tool that transforms your object
storage into ...)
+ TODO: check
+CVE-2025-27098 (GraphQL Mesh is a GraphQL Federation framework and gateway for
both Gr ...)
+ TODO: check
+CVE-2025-27097 (GraphQL Mesh is a GraphQL Federation framework and gateway for
both Gr ...)
+ TODO: check
+CVE-2025-27088 (oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In
affected vers ...)
+ TODO: check
+CVE-2025-25960 (Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows
a remote ...)
+ TODO: check
+CVE-2025-25958 (Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3
allows a remo ...)
+ TODO: check
+CVE-2025-25957 (Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and
before a ...)
+ TODO: check
+CVE-2025-25679 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer
overflow ...)
+ TODO: check
+CVE-2025-25678 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer
overflow ...)
+ TODO: check
+CVE-2025-25676 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer
overflow ...)
+ TODO: check
+CVE-2025-25675 (Tenda AC10 V1.0 V15.03.06.23 has a command injection
vulnerablility lo ...)
+ TODO: check
+CVE-2025-25674 (Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow
in form_ ...)
+ TODO: check
+CVE-2025-25668 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack
overflow vi ...)
+ TODO: check
+CVE-2025-25667 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack
overflow vi ...)
+ TODO: check
+CVE-2025-25664 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack
overflow vi ...)
+ TODO: check
+CVE-2025-25663 (A vulnerability was found in Tenda AC8V4 V16.03.34.06.
Affected is the ...)
+ TODO: check
+CVE-2025-25662 (Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow
in the ...)
+ TODO: check
+CVE-2025-22973 (An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to
obtain s ...)
+ TODO: check
+CVE-2025-1407 (The AMO Team Showcase plugin for WordPress is vulnerable to
Stored Cro ...)
+ TODO: check
+CVE-2025-1406 (The Newpost Catch plugin for WordPress is vulnerable to Stored
Cross-S ...)
+ TODO: check
+CVE-2025-1001 (Medixant RadiAnt DICOM Viewer is vulnerable due to failure of
the upda ...)
+ TODO: check
+CVE-2024-7131
+ REJECTED
+CVE-2024-54756 (A remote code execution (RCE) vulnerability in the ZScript
function of ...)
+ TODO: check
+CVE-2024-38657 (External control of a file name in Ivanti Connect Secure
before versio ...)
+ TODO: check
+CVE-2024-13883 (The WPUpper Share Buttons plugin for WordPress is vulnerable
to Cross- ...)
+ TODO: check
+CVE-2024-13818 (The Registration Forms \u2013 User Registration Forms,
Invitation-Base ...)
+ TODO: check
+CVE-2024-13751 (The 3D Photo Gallery plugin for WordPress is vulnerable to
Stored Cros ...)
+ TODO: check
+CVE-2024-13672 (The Mini Course Generator | Embed mini-courses and interactive
content ...)
+ TODO: check
+CVE-2024-13585 (The Ajax Search Lite WordPress plugin before 4.12.5 does not
sanitise ...)
+ TODO: check
+CVE-2024-13537 (The C9 Blocks plugin for WordPress is vulnerable to Full Path
Disclosu ...)
+ TODO: check
+CVE-2024-13388 (The TCBD Tooltip plugin for WordPress is vulnerable to Stored
Cross-Si ...)
+ TODO: check
+CVE-2024-13379 (The C9 Admin Dashboard plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2024-13314 (The Carousel, Slider, Gallery by WP Carousel WordPress plugin
before ...)
+ TODO: check
+CVE-2024-13235 (The Pinpoint Booking System \u2013 #1 WordPress Booking Plugin
plugin ...)
+ TODO: check
+CVE-2024-11260 (The Events Manager \u2013 Calendar, Bookings, Tickets, and
more! plugi ...)
+ TODO: check
CVE-2025-27096 (WeGIA is a Web Manager for Institutions with a focus on
Portuguese lan ...)
NOT-FOR-US: WeGIA
CVE-2025-27091 (OpenH264 is a free license codec library which supports H.264
encoding ...)
@@ -274,6 +344,7 @@ CVE-2025-1465 (A vulnerability, which was classified as
problematic, was found i
CVE-2025-1464 (A vulnerability, which was classified as critical, has been
found in B ...)
NOT-FOR-US: Baiyi Cloud Asset Management System
CVE-2025-1426 (Heap buffer overflow in GPU in Google Chrome on Android prior
to 133.0 ...)
+ {DSA-5869-1}
- chromium 133.0.6943.126-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-1135 (A vulnerability exists in ChurchCRM5.13.0. and prior that
allows an at ...)
@@ -291,9 +362,11 @@ CVE-2025-1024 (A vulnerability exists in ChurchCRM
5.13.0that allows an attacker
CVE-2025-1007 (In OpenVSX version v0.9.0 to v0.20.0, the
/user/namespace/{namespace} ...)
NOT-FOR-US: OpenVSX
CVE-2025-1006 (Use after free in Network in Google Chrome prior to
133.0.6943.126 all ...)
+ {DSA-5869-1}
- chromium 133.0.6943.126-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-0999 (Heap buffer overflow in V8 in Google Chrome prior to
133.0.6943.126 al ...)
+ {DSA-5869-1}
- chromium 133.0.6943.126-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-0968 (The ElementsKit Elementor addons plugin for WordPress is
vulnerable to ...)
@@ -5004,7 +5077,7 @@ CVE-2025-23596 (Improper Neutralization of Input During
Web Page Generation ('Cr
NOT-FOR-US: WordPress plugin
CVE-2025-23215 (PMD is an extensible multilanguage static code analyzer. The
passphras ...)
NOT-FOR-US: PMD
-CVE-2025-23001 (A Host Header Injection vulnerability exists in CTFd 3.7.5,
due to the ...)
+CVE-2025-23001 (A Host header injection vulnerability exists in CTFd 3.7.5,
due to the ...)
NOT-FOR-US: CTFd
CVE-2025-22994 (O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in
Meetings - S ...)
NOT-FOR-US: O2OA
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3449aca309a9544743724a9a338b60027af6cb7e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3449aca309a9544743724a9a338b60027af6cb7e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
